The UK’s Competition and Markets Authority (CMA) recently met with industry executives based on concerns it raised around Google’s Privacy Sandbox.

Some estimate the Privacy Sandbox is used by billions of people and “underpins the economic system of the advertising industry,” but the technology has moved into a “standstill period” based on certain criteria the CMA wants Google to address.

Recently, an ad industry executive who met with the CMA wanting to share observations from testing and seek feedback from CMA representatives, spoke with Search & Performance Insider about the challenges. The person asked for anonymity. We will call that person “Henry.”

Privacy Sandbox features and APIs have been available for some time, but only opened testing earlier this year. Constrained ad supply, less than 4%, is based on the 1% of testing being done.

Companies want to assess how Privacy Sandbox works when buying and measuring advertising, controlling frequency, and personalization, but Henry says the available supply falls short.

Some believe the 1% is enough to evaluate the technical specification, but not the potential of the competitive impact on the market.

Many of the Privacy Sandbox features require adoption from the entire industry to be useful. That adoption takes time. Even Google’s programmatic ecosystem has not widely adopted some of the features, Henry says.

Privacy Sandbox is a set of technology protocols. How does the CMA determine whether Google’s changes to Privacy Sandbox reduces competition? What are the criteria? Does the CMA analyze the mechanisms of the Privacy Sandbox and decide whether or not Google has an advantage based on tools, technology, and open internet ad buying?

Even after speaking directly with the CMA, Henry says these answers were not clear.

The CMA’s legal agreement states after Chrome ends support for third-party cookies, Google commits to not using Personal Data from a user’s Chrome browsing history, including synced Chrome history, in its Ads Systems to track that user for the Targeting or Measurement of digital advertising on either Google owned-and-operated ad inventory or ad inventory on websites not owned and operated by Google.

Google will design, develop and implement the Privacy Sandbox proposals in a manner consistent with the Purpose of the Commitments, taking into account the Development and Implementation Criteria, the legal document states. In addition, Google will ensure that it does not distort competition by discriminating against rivals in favor of Google’s advertising products and services.

In particular, Google will not design and develop the Privacy Sandbox proposals in ways that will distort competition by self-preferencing Google’s advertising products and services — and implement the Privacy Sandbox in ways that will distort competition by self-preferencing Google’s advertising products and services — or use competitively sensitive information provided by an ad tech provider or publisher to Chrome for a purpose other than that for which it was provided.

There might be instances where Privacy Sandbox is more useful — especially when combined with other approaches the industry has and will develop in the future to deal with cookie deprecation in the Chrome browser.

Advertisers used third-party cookies to decide audiences, impressions and value to an extent — as well as to determine the frequency of serving the ad. There a lot of open questions related to Privacy Sandbox, and not enough ways to get answers, Henry says.

Google is a U.S.-based company, but i t operates globally. One of the biggest questions I have is why the CMA is leading this change and not a regulatory body in the United States.

I’ll leave it up to the reader to answer that question. It’s a heavy burden to take on — even for an entity as large as Google.

The test is limited with a 1% sample equal to millions of users. It is enough to evaluate the technical specification, but many features require industrywide adoption to be useful.